DETAILED ACTION

1. This is in response to the arguments filed on 3 May 2007.

2. Claims 10-12, 17-26, 30-35 and 38-59 are pending in the application. 

3. Claims 10-12, 17-26, 30-35 and 38-59 have been rejected. 

4. Claims 1-9, 13-16, 27-29, 36 and 37 have been cancelled. 

Response to Arguments 

5. Applicant's arguments, see page 1, filed 3 May 2007, with respect to claim 54 have been fully
considered and are persuasive. The rejection of the claim has been withdrawn. As per the 
interview regarding the rejection under 35 U.S.C. 112, second paragraph, the examiner 
withdraws the rejection. There are no issues regarding antecedent basis. 

6. Regarding the prior art, the Applicant's arguments filed 3 May 2007 have been fully 
considered but they are not persuasive. 

On pages 3 and 4, the applicant argues that Dixon fails to teach all the elements of claims 
17, 22, 24, 30, 42 and 55. Specifically, with regard to claim 17, the applicant argues that Dixon 
fails to teach validating the formatted access request in accordance with the request message 
specification. The applicant argues that Dixon fails to teach forwarding the validated access 
request across the security barrier. The applicant argues that Dixon lacks a validated access 
request. 

The examiner respectfully disagrees. Dixon discloses that HTTP transactions can only be 
initiated by client systems; firewall 140 can be designed to only allow out-going HTTP requests 
and only allow in-coming HTTP responses that correspond to the out-going HTTP requests. 
Therefore, the firewall only allows HTTP (outgoing and incoming) messages. The message
specification is HTTP. The security barrier is firewall 140. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7. Claims 10, 17-26, 30, 31, 34, 35, 42, 43, 45-47, 51 and 53-57 are rejected under 35 
U.S.C. 102(e) as being anticipated by Dixon U.S. Patent No. 6,289,461 B1.

As to claim 10, Dixon discloses that the request and the response message validatings are 
respectively performed at first and second secure data brokers on opposing sides of the security 
barrier [column 4 line 58 to column 5 line 4]. Dixon discloses that the validated request and 
response message transmissions are between the first and second secure data brokers [column 4 
line 58 to column 5 line 4].

As to claim 17, Dixon discloses in a networked computing environment, a method of 
securing access to an information resource behind a security barrier, the method comprising: 

predefining a request message specification corresponding to a structured 
request language [column 6 line 43 to column 7 line 27]; 

formatting an access request in accordance with the structured request 
language [column 6 line 43 to column 7 line 27]; 


Application/Control Number: 09/357,726 Page 4 

Art Unit: 2131 

supplying the formatted access request to a first intermediary, the 
intermediary validating the formatted access request in accordance with the 
request message specification [column 6 line 43 to column 7 line 27]; and 

forwarding the validated access request across the security barrier [column 
6 line 43 to column 7 line 27]. 
As to claim 18, Dixon discloses accessing the information resource in accordance with 
the validated access request [column 6 line 43 to column 7 line 27].
As to claim 19, Dixon discloses a method further comprising:

receiving, at an application proxy, an access request targeting the 
information resource [column 6 line 43 to column 7 line 27]; and 

performing the access request formatting at the application proxy [column 
6 line 43 to column 7 line 27]. 
As to claim 20, Dixon discloses a method further comprising: 

predefining a response message specification corresponding to a structured 
response language [column 6 line 43 to column 7 line 27]; 

formatting a response to the access request in accordance with the 
structured language [column 6 line 43 to column 7 line 27]; 

supplying the formatted response to a second intermediary, the second 
intermediary validating the formatted response in accordance with the response 
message specification [column 6 line 43 to column 7 line 27]; and 

forwarding a validated response across the security barrier [column 6 line 
43 to column 7 line 27]. 
As to claims 21 and 23, Dixon discloses a method further comprising:

accessing the information resource in accordance with an access request 
from a client [column 7, lines 28-60]; and 

supplying the client with a response in accordance with the validated 
response [column 7, lines 28-60]. 
As to claim 22, Dixon discloses in a networked computing environment, a method of 
securing access to an information resource behind a security barrier, the method comprising: 

predefining a response message specification corresponding to a structured 
response language [column 6 line 43 to column 7 line 27]; 

formatting a response to an access request targeting the information 
resource, the formatted response being in accordance with the structured response 
language [column 6 line 43 to column 7 line 27]; 

supplying the formatted response to an intermediary, the intermediary 
validating the formatted response in accordance with the response message 
specification [column 6 line 43 to column 7 line 27]; and 

forwarding a validated response across the security barrier [column 6 line 
43 to column 7 line 27].
As to claim 24, Dixon discloses an information security system comprising: 

a security barrier [column 6 line 43 to column 7 line 27]; 

a proxy for an information resource, the proxy and the information 
resource on opposing first and second sides, respectively, of the security barrier 
[column 6 line 43 to column 7 line 27]; 
a data broker on the first side of the security barrier, wherein, in response
to an access request targeting the information resource, the data broker validates a
request message encoded in a structured request language against a predefined
request message specification therefor and forwards only validated request
messages across the security barrier [column 6 line 43 to column 7 line 27].
As to claim 25, Dixon discloses an information security system further comprising:

a second data broker on the second side of the security barrier, wherein, in 
response to an access targeting the information resource [column 6 line 43 to 
column 7 line 27], the second data broker validates a response message against a 
predefined response message specification and forwards only validated response 
messages across the security barrier [column 6 line 43 to column 7 line 27]. 
As to claim 26, Dixon discloses the information resource [column 7, lines 28-60]. 
As to claim 30, Dixon discloses a computer program product encoded in computer 
readable media, the computer program product comprising: 

data broker code and parser code executable on a first network server 
separated from an information resource by a security barrier [column 6 line 43 to 
column 7 line 27];

the data broker code including instructions executable as a first instance 
thereof to receive access requests in a structured language corresponding to a 
predefined request message specification and to forward validated ones of the 
access requests across the security barrier toward the information resource 
[column 6 line 43 to column 7 line 27]; and 
the parser code including instructions executable as a first instance thereof
to validate the received access requests against the predefined request message 
specification [column 6 line 43 to column 7 line 27]. 
As to claim 31, Dixon discloses an encoding of the predefined request message 
specification [column 6 line 43 to column 7 line 27]. 

As to claim 34, Dixon discloses the computer program product further comprising: 

application proxy code including instructions executable to format the 
access requests in accordance with the structured language corresponding to the 
predefined request message specification [column 6 line 43 to column 7 line 27]. 
As to claim 35, Dixon discloses the computer program product encoded by or transmitted 
in at least one computer readable medium selected from the set of a disk, tape or other magnetic, 
optical, or electronic storage medium and a network, wireline, wireless or other communications 
medium [column 6 line 43 to column 7 line 27]. 

As to claim 42, Dixon discloses a method of securing a data transaction across a security 
barrier, the method comprising: 

validating a request message encoded in a structured request language 
against a predefined request message specification therefor [column 6 line 43 to 
column 7 line 27]; 

transmitting the validated request message across the security barrier 
[column 6 line 43 to column 7 line 27]; 

validating a response message encoded in a structured response language 
against a predefined response message specification therefor, the response 
message corresponding to the validated request [column 6 line 43 to column 7
line 27]; and 

transmitting the validated response message across the security barrier 
[column 6 line 43 to column 7 line 27]. 
As to claim 43, Dixon discloses that the request and response message specifications are 
predefined in accordance with valid request and response message constraints specific to an 
information resource [column 6 line 43 to column 7 line 27]. 

As to claim 45, Dixon discloses a method further comprising: 

receiving, at an application proxy, an access request targeting an 
information resource [column 6 line 43 to column 7 line 27]; 

formatting the request message in a structured language corresponding to 
the request message specification [column 6 line 43 to column 7 line 27]; and 

transmitting the formatted request message to a secure data broker for the 
request message validating [column 6 line 43 to column 7 line 27]. 
As to claim 46, Dixon discloses a method further comprising: 

formatting the response message in a structured language corresponding to 
the response message specification [column 6 line 43 to column 7 line 27]; and 

transmitting the formatted response message to a secure data broker for 
the response message validating [column 6 line 43 to column 7 line 27]. 
As to claim 47, Dixon discloses a method further comprising: 

accessing an information resource in accordance with the validated request 
message [column 7, lines 28-60]; and 
preparing the response message in accordance with the access [column 7,
lines 28-60]. 

As to claim 51, Dixon discloses that at least one of the validated request message 
transmitting and the validated response message transmitting is via a secure protocol [column 7, 
lines 28-60]. 

As to claim 53, Dixon discloses that the security barrier includes a firewall [column 3, 
lines 33-48]. 

As to claim 54, Dixon discloses that the security barrier includes a secure communication 
channel between servers [column 3, lines 33-48]. 

As to claim 55, Dixon discloses in a networked information environment including a 
client and an information resource separated by a security barrier, an information security system 
comprising: 

means for proxying an access request by the client targeting the 
information resource and for preparing a request message corresponding to the 
access request in a structured language corresponding to a predefined request 
message specification [column 6 line 43 to column 7 line 27]; 

means for validating the request message against the predefined request 
message specification and forwarding only validated request messages across the 
security barrier [column 6 line 43 to column 7 line 27]. 
As to claim 56, Dixon discloses means for validating a response message against a 
predefined response message specification and forwarding only validated response messages 
across the security barrier [column 6 line 43 to column 7 line 27].
As to claim 57, Dixon discloses an information security system further comprising the
security barrier [column 6 line 43 to column 7 line 27]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Dixon
U.S. Patent No. 6,289,461 B1 as applied to claim 42 above, and further in view of
Ottensooser U.S. Patent No. 5,905,856.

As to claims 11 and 12, Dixon does not teach that the request message validating includes
parsing the request message using Data Type Definitions (DTDs) encoding a hierarchy of valid
tag-value pairs in accordance with syntax of a valid request message. Dixon does not teach that 
if the request message is not successfully parsed, forwarding a response message without 
transmission of the request message across the security barrier. Dixon does not teach that the 
response message validating includes parsing the response message using Data Type Definitions 
(DTDs) encoding a hierarchy of tag-value pairs in accordance with syntax of a valid response 
message. 

Ottensooser teaches parsing the request message using Data Type Definitions (DTDs) 
encoding a hierarchy of valid tag-value pairs in accordance with syntax of a valid 
request/response message [column 7, lines 58-64; column 10 line 66 to column 11 line 30].

Therefore, it would have been obvious to a person having ordinary skill in the art at the
time the invention was made to have modified Dixon so that gateway of Borella would have
parsed the request message using data type definitions, encoding a hierarchy of valid-tag pairs in
accordance with the syntax of a valid request message. If the request message were not 
successfully parsed, an alert message would have been forwarded across the firewall. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Dixon by the teaching of Ottensooser because the 
structure permits the use of a simple language that allows the user to write a set of tests that 
closely match the business activities under scrutiny. The language is sufficiently high level so 
that the user does not have to be involved in the highly technical "behind the scenes" type work 
that actually tells the computer application what to do. Other products on the market are not as 
advanced and rely on the skills of computer programmers to write test plans rather than business 
users [column 13, lines 47-58]. 

9. Claims 32, 33, 38-41, 48-50, 52, 58 and 59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dixon U.S. Patent No. 6,289,461 B1 as applied to claims 17, 24, 30 and 42
above, and further in view of Bobo, II U.S. Patent No. 5,870,549. 

As to claim 32, Dixon discloses that the data broker code and parser code are also 
executable on a second network server separated from a client application by the security barrier 
[column 3, lines 33-48]. Dixon discloses that the data broker code includes instructions 
executable as a second instance thereof to receive responses corresponding to a predefined 
response message specification and to forward validated ones of the responses across the security 
barrier toward the client application [column 3 line 65 to column 4 line 19]. Dixon discloses that 
the parser code includes instructions executable as a second instance thereof to validate the
received responses against the predefined response message specification [column 3 line 65 to 
column 4 line 19]. 

Bobo teaches the translation of messages into XML format [column 21, lines 37-42]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have the gateway as taught by Dixon to format the outgoing 
packets to the XML structured language. 

It would have been obvious to have modified Dixon by the teaching of Bobo because 
XML is easier to write applications for, easier to understand, and more suited to delivery and 
inter-operability over the Web [column 21 lines 33-37]. 

As to claim 33, Dixon teaches an encoding of the predefined response message 
specification [abstract]. 

As to claims 38-41, 48-50, 52, 58 and 59, Dixon does not teach that the structured request 
language includes a markup language. Dixon does not teach that the markup language includes 
extensible markup language. 

Bobo teaches the translation of messages into XML format [column 21, lines 37-42]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have the gateway as taught by Dixon to format the outgoing 
packets to the XML structured language. 

It would have been obvious to have modified Dixon by the teaching of Bobo because 
XML is easier to write applications for, easier to understand, and more suited to delivery and 
inter-operability over the Web [column 21 lines 33-37]. 

10. Claim 44 is rejected under 35 U.S.C. 103(a) as being unpatentable over Dixon U.S.
Patent No. 6,289,461 B1 as applied to claim 42 above, and further in view of Applied
Cryptography (hereinafter Schneier). 

As to claim 3, Dixon does not teach that at least one of the request and response message 
specifications is cryptographically secured. 

Schneier teaches the use and benefits of encryption, page 2. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Dixon so that the request and response messages were
cryptographically secured. 

It would have been obvious to modify Dixon by the teaching of Schneier because 
cryptography offers authentication, integrity and nonrepudiation, page 2. 

Conclusion 

11. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793.
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 